Nabin Nepal (Starx) javascript onclick security

May 3, 2012

How to prevent the clientside user from changing arguments in an onClick function?

Question by user1113531

I just realized while testing an onClick function with firebug that it would be really easy for a user to change the value of the arguments being passed. This could mess thins up.

Is there any easy way to prevent this, especially when arguments need to be passed?

Answer by Quentin

Quentin

It is impossible. The code is executing on the user’s computer. They are in control.

If they edit it and “mess it up”, then that is on their head.

If they edit it and it submits an HTTP request to your server, and your server allows (for instance) that request to delete data belonging to another user then the problem is that your server didn’t check that the user submitting the request had permission to delete that data before following through.

Answer by Starx

Starx

No, this simply can’t be done.

Once the script is loaded to the client’s machine. He can use/modify it, as he wants.

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+ View all posts by Nabin Nepal (Starx)

Question by user1113531

Answer by Quentin

Answer by Starx

No, this simply can’t be done.

Author: Nabin Nepal (Starx)

Please fill the form - I will response as fast as I can!